[Python-Dev] Challenge: Please break this! [Now with blog post] (original) (raw)
Guido van Rossum guido at python.org
Tue Feb 24 20:30:46 CET 2009
- Previous message: [Python-Dev] Challenge: Please break this! [Now with blog post]
- Next message: [Python-Dev] Challenge: Please break this! [Now with blog post]
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Feb 24, 2009 at 12:27 AM, tav <tav at espians.com> wrote:
Daniel emailed in the exploit below and it is pretty devastating. It takes advantage of the fact that the warnings framework in 2.6+ dynamically imports modules without being explicitly called!!
I've fixed this hole in safelite.py, but would be interested to know if there are other non-user-initiated dynamically imported modules? Thanks Daniel for bringing this to our attention!
Grep the source for PyImport.
-- --Guido van Rossum (home page: http://www.python.org/~guido/)
- Previous message: [Python-Dev] Challenge: Please break this! [Now with blog post]
- Next message: [Python-Dev] Challenge: Please break this! [Now with blog post]
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]